Security Basics mailing list archives
RE: Web apps code testing
From: Dean Saxe <Dean.Saxe () DigitalInsight com>
Date: Thu, 18 Mar 2004 12:29:53 -0500
That will only scan the server, not the code, for vulnerabilities. I believe the OWASP had a Java code scanner project in the works. You may also want to test the application with a product like WebInspect by SPIDynamics (www.spidynamics.com).

-dhs

-----Original Message-----
From: Sistemas Aurensis-Sys Sec [mailto:syssec () aurensis com]
Sent: Thursday, March 18, 2004 2:29 AM
To: security-basics () securityfocus com
Subject: Web apps code testing

You can try nikto. Nikto is a web server scanner which looks for over 2000 potentially dangerous files/CGIs and problems on over 200 servers.
http://www.cirt.net/code/nikto.shtml

-----Original Message-----
From: Marty [mailto:groupecci () yahoo ca]
Sent: Wednesday, March 17, 2004 1:51
To: Sec Basic
Subject: Web apps code testing

Hi,

I have the complete code (Java) for a website our development team just completed. Is there a tool I can use to make sure the code is secure?

Thanks!
Marty
Current thread:
- Web apps code testing Marty (Mar 17)
- RE: Web apps code testing Yvan Boily (Mar 17)
- <Possible follow-ups>
- Web apps code testing Sistemas Aurensis-Sys Sec (Mar 18)
- RE: Web apps code testing Dean Saxe (Mar 19)
- RE: Web apps code testing Yvan Boily (Mar 22)